5 Answers
5

To answer your question about whether it's possible, I will say it is next to impossible to be completely anonymous online. I will address the major issues that lurk outside the realm of technology.

People make mistakes and even the slightest mistake will break the "completeness" of anonymity. Mention the weather or forget to enable your proxy and you're done for.

Behavior can be analyzed (e.g. slang and idioms may locate you).

Behavior can be correlated (e.g. when you are home vs online).

You have to connect somehow. Everything between your body and your means of anonymity is exposed.

Some offline threat may out you.

I also have a philosophical objection to the concept of complete anonymity. Any behavioral pattern/tendency - no matter how subtle it is and no matter how many aliases you have - exists. That is your identity and it is out there for all to see. This doesn't just include having a public social presence either. What type of links you click, what sort of things you download, etc. per session may not be able to be easily correlated with other sessions, but it is still a potentially consistent pattern and you.

"I will say it is next to impossible to be completely anonymous online." to be online doing what? Exchanging ideas, or just downloading stuff?
– curiousguy Jun 25 '12 at 21:02

@curiousguy Both. Some of my examples mention language, but all the concepts still apply to just downloading.
– chao-mu Jun 25 '12 at 21:24

"or forget to enable your proxy" You can use packet filtering (aka "firewall", but I prefer "packet filtering") to block the HTTP and HTTPS TCP ports on exit. This will make normal browsing impossible, but connecting to a proxy possible (and if the proxy uses either HTTP or HTTPS ports, you can make an exception for just its IP address).
– curiousguy Jun 25 '12 at 22:45

I was giving an example, hence the e.g. I'm pointing out that things can be forgotten, packet filtering rules can have bugs, etc. I am just trying to illustrate that people make mistakes and that was (I felt) an accessible example.
– chao-mu Jun 25 '12 at 23:40

1

"I'm pointing out that things can be forgotten, packet filtering rules can have bugs, etc." I understand. I was not trying to disprove anything you wrote in your answer. I was pointing out that packet filtering can protect against stupid configuration mistakes. And I also believe that packet filtering (which is difficult to get right) should be used mostly this way as a protection against misconfiguration, not as a protection against attacks.
– curiousguy Jun 26 '12 at 0:00
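The comment thread above proposes blocking direct HTTP/HTTPS egress with an exception for the proxy, and notes that such rules can themselves contain bugs. The following is an added example, not part of the original thread: a small audit over `iptables-save` style OUTPUT rules that checks both properties. The rulesets, the proxy address 203.0.113.10 and the probe address are constructed, and only `-d`, `-p tcp`, `--dport` and `-j` are interpreted.

```python
import ipaddress
import shlex

# Constructed iptables-save excerpts; 203.0.113.10 stands in for the proxy.
GOOD = """\
:OUTPUT ACCEPT [0:0]
-A OUTPUT -d 203.0.113.10/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j REJECT
-A OUTPUT -p tcp -m tcp --dport 443 -j REJECT
"""
# Same intent, but the port-443 block was forgotten.
LEAKY = """\
:OUTPUT ACCEPT [0:0]
-A OUTPUT -d 203.0.113.10/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j REJECT
"""

def parse(text):
    """Return (default policy, [(network, dport, target)]) for OUTPUT.
    Simplification: only -d, -p tcp, --dport and -j are interpreted."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:1] == [":OUTPUT"]:
            policy = tok[1]
        elif tok[:2] == ["-A", "OUTPUT"]:
            opt = dict(zip(tok[2::2], tok[3::2]))
            if opt.get("-p", "tcp") != "tcp":
                continue
            net = ipaddress.ip_network(opt.get("-d", "0.0.0.0/0"))
            port = int(opt["--dport"]) if "--dport" in opt else None
            rules.append((net, port, opt["-j"]))
    return policy, rules

def verdict(ruleset, dst, port):
    """First matching rule wins; otherwise the chain policy applies."""
    policy, rules = parse(ruleset)
    for net, dport, target in rules:
        if ipaddress.ip_address(dst) in net and dport in (None, port):
            return target
    return policy

def audit(ruleset, proxy_ip, proxy_port, probe="198.51.100.7"):
    """probe is a constructed non-proxy destination."""
    return {
        "leaks": [p for p in (80, 443) if verdict(ruleset, probe, p) == "ACCEPT"],
        "proxy_ok": verdict(ruleset, proxy_ip, proxy_port) == "ACCEPT",
    }
```

A non-empty `leaks` list means a browser with the proxy setting forgotten would still connect directly; `proxy_ok` being false means the exception is shadowed by an earlier rule.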

Yes, it's technically possible, but you have to really, really know what you're doing. In other words, if you have to ask, then the answer is no.

Every connection on the Internet can be tracked, but it can only be tracked so far. When tracing a connection, the person goes host by host, following clues, reading logs, working with whatever data he can get. But if there are no more clues, then the trail ends.

If you can tunnel your connection through enough intermediate hosts which do not keep any logs of your connection, through countries from which it is difficult to obtain records, through organizations which do not have the infrastructure to do sufficient record-keeping, then re-tracing that trail gets impossibly difficult. It is hugely more difficult to follow a trail after-the-fact than real-time because ephemeral connection data is simply not retained; once the connection ends, systems tend to forget everything about it.

But there are plenty of clues that could leak through even the most carefully constructed web of misdirection; if the tracker can determine your identity just by watching the conversation, then he doesn't have to follow the trail at all. And the misdirection only works if the tracker tries to trace you back the path you came. If suspicious traffic is seen coming from your house, then it doesn't matter how many hops it takes to get to where it's going.

And just as importantly, you are no longer anonymous if you start to establish patterns. You can be anonymous just once, and then after that you start to build an identity -- a false identity, perhaps; but that doesn't mean that the identity can't be matched to you one way or another.

If you intend to make any decision based on your ability to be anonymous on the Internet, then you will probably eventually end up disappointed with how it turned out.

And absolutely, definitely do not bet on consumer-grade anonymizing services and proxies. If it's popular enough for you to have heard of it, then it's a target for surveillance.

Tor is considered to be one of the most anonymous networks. Put simply, it works by encrypting the transmission with many proxies' public encryption keys, then passing the data through the proxies in the order it is to be decrypted so that each one strips away its layer of encryption until the original data to be transferred is left and sent to the final destination. This way, even if a proxy is compromised, the data still has the remaining layers of encryption; also, all but the first proxy have no contact with the sender. This service is free and you can find them here.
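The layering described in this answer, as an added example that is not part of the original post: each relay peels exactly one layer and learns only the next hop. Python's standard library has no public-key encryption, so a toy hash-based keystream per relay stands in for it (not secure); the relay names, keys and destination are constructed.

```python
import hashlib
import json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy cipher: XOR with SHA-256(key || offset) blocks. Illustration only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def wrap(path, destination, payload: bytes) -> bytes:
    """path is [(relay_name, key), ...] in forwarding order.
    Layers are built innermost (last relay) first."""
    next_hops = [name for name, _ in path[1:]] + [destination]
    cell = payload
    for (_, key), nxt in zip(reversed(path), reversed(next_hops)):
        layer = json.dumps({"next": nxt, "data": cell.hex()}).encode()
        cell = keystream_xor(key, layer)
    return cell

def peel(key: bytes, cell: bytes):
    """What one relay does: remove its own layer, read the next hop."""
    layer = json.loads(keystream_xor(key, cell))
    return layer["next"], bytes.fromhex(layer["data"])

def route(path, cell: bytes):
    """Forward the cell along the path, recording what each relay learns."""
    learned = []
    for name, key in path:
        nxt, cell = peel(key, cell)
        learned.append((name, nxt))
    return learned, cell

# Constructed three-relay path and message.
PATH = [("guard", b"key-guard"), ("middle", b"key-middle"), ("exit", b"key-exit")]
ONION = wrap(PATH, "example.org", b"hello")
```

Only the first relay receives the cell from the sender and only the last one sees the destination and payload, which is the property the answer relies on.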

While security is the degree of protection against danger, damage, loss, and crime, being truly anonymous is a matter of view and perception. As Chao very well pointed out, things like behavioral analysis can be used to narrow down on an individual, but are insufficient to convict him.

Anonymous:

Not identified by name; of unknown name.

If we use that definition then just having behavior analysis experts cannot identify you as a particular individual. Only narrow the search area.

Therefore, the question to be asked is not "how to be completely anonymous online" but instead "How to hide from someone online". The reason is that different people use different tactics to find individuals.

Allow me to explain...

VPNs, proxies and Tor anonymise you to an extent that a particular 3rd party organization cannot later "backtrack" you. However, they do reveal your identity to the first node in case of Tor or to the proxy server itself.

If the node/server keeps logs, you're identified then and there. If not, the telecom authority could hypothetically still have connection logs between your IP and the server, which could then get you identified.

What I'm trying to explain is your question is too vague in order to give a definitive answer. Just as security, anonymity is a degree of perception towards being anonymous.

To be frank, no one can be truly anonymous in real life or virtuality, since for any kind of communication an identity is required, and although we can give this identity any name we want, it is the core of our persona that cannot be faked, and therefore we cannot be anonymous.

"they do reveal your identity to the first node in case of Tor or to the proxy server itself." they only reveal an IP address, which is an Internet access identity, not a personal identity. An IP address can be shared by many people.
– curiousguy Jun 25 '12 at 22:17

1

That single IP can be tracked back to you if someone wanted to try hard enough. I mean, they would at least they the exact location it was leashed out to.
– Rohan Durve - Decode141 Jun 26 '12 at 12:34

1

"That single IP can be tracked back to you if someone wanted to try hard enough." Not in general (not if the IP is shared by many persons) "they would at least they the exact location it was leashed out to" not in general (mobile)
– curiousguy Jun 26 '12 at 19:09

The alternative to attempting to hide your traffic directly is to run a Tor exit node. Configure squid to transparently proxy that traffic and then surf entirely on Tor. Now some nodes will know your presence, but traffic analysis won't be 100% effective since you're caching your (and your visitors') outbound requests. You are running the first node and if you only surf when your Tor node is being used to move other data around, attribution will be incredibly difficult (but not impossible).

You send all the Tor exit node traffic destined for port 80 out the transparent proxy. So anyone using you as an exit node would proxy through it, but their access would be cached when they go to visit sites. When you go to visit various sites, pieces, or their entirety, may be cached; this makes timing analysis difficult for an outside observer.
– Ori Jun 25 '12 at 21:58

2

"you as an exit node" this is key information
– curiousguy Jun 25 '12 at 22:04